Linux 5.4 kernel accepts patches to restrict root access to kernel internals

Linus Torvalds has accepted for inclusion in the upcoming Linux 5.4 kernel release the "lockdown" patches proposed by David Howells (Red Hat) and Matthew Garrett (working at Google) to restrict the root user's access to the kernel. The lockdown functionality is packaged as an optionally loaded LSM module (Linux Security Module) that places a barrier between UID 0 and the kernel, restricting certain low-level operations.

If an attacker obtains code execution with root privileges, they can run their code at the kernel level, for example by replacing the kernel via kexec or by reading and writing memory through /dev/kmem. The most obvious consequences of such activity are bypassing UEFI Secure Boot or extracting sensitive data held at the kernel level.

Initially, the root-restriction functionality was developed in the context of strengthening verified-boot protection, and distributions have long shipped out-of-tree patches to block bypasses of UEFI Secure Boot. At the same time, such restrictions were not accepted into the mainline kernel because of disagreements about their implementation and fears of breaking existing systems. The "lockdown" module absorbs the patches already used in distributions, reworked as a separate subsystem that is not tied to UEFI Secure Boot.

Lockdown mode restricts access to /dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, the kprobes debug mode, mmiotrace, tracefs, BPF, PCMCIA CIS (Card Information Structure), some ACPI interfaces and the CPU MSR registers. The kexec_file and kexec_load calls are blocked, entering sleep mode is prohibited, the use of DMA for PCI devices is limited, importing ACPI code from EFI variables is prohibited, and manipulation of I/O ports, including changing the interrupt number and I/O port of the serial port, is not allowed.

By default, the lockdown module is inactive; it is built when the SECURITY_LOCKDOWN_LSM option is set in kconfig and is activated via the kernel parameter "lockdown=", the control file "/sys/kernel/security/lockdown", or the build options LOCK_DOWN_KERNEL_FORCE_*, which can take the values "integrity" and "confidentiality". In the first case, features that allow the running kernel to be modified from user space are blocked; in the second, functionality that could be used to extract sensitive information from the kernel is disabled as well.
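To check the state on a running host, a shell helper (an added example, not code from the article or from the kernel project; it assumes the sysfs file lists the available modes with the active one in brackets, e.g. "none [integrity] confidentiality", and uses a constructed sample line when the file is absent):

```shell
#!/bin/sh
# Parse the lockdown state line and compare the active mode against a
# required minimum (ordering: none < integrity < confidentiality).

# Constructed sample of what /sys/kernel/security/lockdown reads as on a
# host booted with lockdown=integrity (assumed format: active mode in brackets).
SAMPLE_STATE='none [integrity] confidentiality'

# Print the active mode extracted from a state line such as the sample above.
lockdown_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# Map a mode name to a numeric rank; unknown or empty names rank as -1.
lockdown_rank() {
    case "$1" in
        none)            printf '%s\n' 0 ;;
        integrity)       printf '%s\n' 1 ;;
        confidentiality) printf '%s\n' 2 ;;
        *)               printf '%s\n' -1 ;;
    esac
}

# Succeed (exit 0) only when the state line's active mode is at least the
# required mode; an unparsable line or unknown mode name fails.
lockdown_at_least() {
    state="$1"; required="$2"
    have=$(lockdown_rank "$(lockdown_mode "$state")")
    want=$(lockdown_rank "$required")
    [ "$have" -ge 0 ] && [ "$want" -ge 0 ] && [ "$have" -ge "$want" ]
}

# Read the live state when the sysfs file exists, otherwise fall back to the sample.
current_lockdown_state() {
    if [ -r /sys/kernel/security/lockdown ]; then
        cat /sys/kernel/security/lockdown
    else
        printf '%s\n' "$SAMPLE_STATE"
    fi
}

# Usage: report whether the host meets the integrity level.
if lockdown_at_least "$(current_lockdown_state)" integrity; then
    echo "lockdown: integrity or stronger is active"
else
    echo "lockdown: below integrity (or state unreadable)"
fi
```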

It is important to note that lockdown only restricts ordinary access to the kernel; it does not protect against modifications made by exploiting vulnerabilities. To block changes to the running kernel when exploits are used, the Openwall project is developing the separate LKRG (Linux Kernel Runtime Guard) module.

Source: opennet.ru